1960 shaares
Flaws in the OpenSSLX509Certificate class in Android can be exploited by an app to compromise the system_server process – and gain powerful system-level access on the device.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3825
https://securityintelligence.com/one-class-to-rule-them-all-new-android-serialization-vulnerability-gives-underprivileged-apps-super-status/#.VcjWqp5VhBc
